[openstack-dev] PGP keysigning party for Juno summit in Atlanta?

Sergey Lukjanov slukjanov at mirantis.com
Mon Apr 28 14:37:56 UTC 2014


IIRC there was a key signing party on the launch time in Hong Kong, isn't it?

On Sun, Apr 27, 2014 at 4:05 AM, Clint Byrum <clint at fewbar.com> wrote:
> Just a friendly reminder to add yourself to this list if you are
> interested in participating in the key signing in Atlanta:
>
> https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
>
> Now that we have more visibility about schedules, I think we should try
> to find a time slot. Does anybody have an idea already? If not I think
> we should just pick a break time period and get it done.
>
> Excerpts from Thomas Goirand's message of 2014-03-29 23:32:55 -0700:
>> On 03/30/2014 10:00 AM, Mark Atwood wrote:
>> > Hi!
>> >
>> > Are there plans for a PGP keysigning party at the Juno Summit in
>> > Atlanta, similar to the one at the Icehouse summit in Hong Kong?
>> >
>> > Inspired by the URL at
>> > https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Icehouse_Summit
>> > I looked for
>> > https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
>> > to discover that that wiki page does not yet exist and I do not have
>> > permission to create it.
>> >
>> > ..m
>>
>> If there's none, then we should do one.
>>
>> One thing about last key signing party, is that I didn't really like the
>> photocopy method. IMO, it'd be much much nicer to use a file, posted
>> somewhere, containing all participant fingerprints. To check for that
>> file validity, together, we check for its sha256 sum (someone say it out
>> loud, while everyone is checking for its own copy). And everyone,
>> individually, checks for its own PGP fingerprint inside the file. Then
>> we just need to validate entries in this file (with matching ID documents).
>>
>> Otherwise, there's the question of the trustability of the photocopy
>> machine and such... Not that I don't trust Jimmy (I do...)! :)
>>
>> Plus having a text file with all fingerprints in it is more convenient:
>> you can just cut/past the whole fingerprint and do gpg --recv-keys at
>> once (and not just the key ID, which is unsafe because prone to
>> brute-force). That file can be posted anywhere, provided that we check
>> for its sha256 sum.
>>
>> I would happily organize this, if someone can find a *quite* room with
>> decent network. Who can take care of the place and time?
>>
>> Of course, We will need need the fingerprints of every participant in
>> advance, so the wiki page would be useful as well. I therefore created
>> the wiki page:
>> https://wiki.openstack.org/wiki/OpenPGP_Web_of_Trust/Juno_Summit
>>
>> Please add yourself. We'll see if I can make it to Atlanta, and organize
>> something later on.
>>
>> Cheers,
>>
>> Thomas Goirand (zigo)
>>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-- 
Sincerely yours,
Sergey Lukjanov
Sahara Technical Lead
(OpenStack Data Processing)
Mirantis Inc.



More information about the OpenStack-dev mailing list